Internet Protocol Security, commonly known as IPsec, is a set of protocols for secure Internet Protocol (IP) communications. It works by authenticating and encrypting every IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the start of the session and for negotiating the cryptographic keys to be used during the session. IPsec can secure data transmitted between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), and between a security gateway and a host (network-to-host). IPsec uses cryptographic security services to protect communications over IP networks. It provides network-level peer authentication, data origin authentication, data integrity, data encryption, and replay protection.
While some widely accepted Internet security systems, such as Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers (the transport layer and the application layer), IPsec is an end-to-end security scheme that operates in the Internet Layer of the Internet Protocol Suite. Therefore, only IPsec protects all application traffic over an IP network. Applications can be protected by IPsec automatically at the IP layer.
IPsec is considered especially useful for implementing virtual private networks and for remote user access to private networks over a dial-up connection. One of the major benefits of IPsec is that security arrangements can be managed without making changes to individual users' computers.
IPsec offers two options for security service:
Authentication Header (AH): Basically, it permits authentication of the sender of data.
Encapsulating Security Payload (ESP): It not only supports authentication of the sender, but it also supports encryption of data.
The information specific to each of these services is carried in the packet in a header that follows the IP packet header.
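The following added example (not part of the original page) shows where that header sits: it reads the IPv4 Protocol field, then decodes the AH or ESP header that follows the IP header. The protocol numbers (51 for AH, 50 for ESP) and field layouts come from the IPsec specifications rather than from this page; the function names and sample packets are constructed for illustration.

```python
import struct

# IP protocol numbers assigned to the two IPsec services.
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}

def parse_ipsec_header(packet: bytes) -> dict:
    """Find and decode the IPsec header that follows an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[0] & 0x0F < 5:
        raise ValueError("not a valid IPv4 header")
    ip_len = (packet[0] & 0x0F) * 4           # IHL is in 32-bit words
    service = IPSEC_PROTOCOLS.get(packet[9])  # byte 9 is the Protocol field
    body = packet[ip_len:]
    if service == "AH":
        if len(body) < 12:
            raise ValueError("truncated AH header")
        # AH: next header, payload length, reserved, SPI, sequence number
        next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4               # field counts 32-bit words minus 2
        if ah_len < 12 or len(body) < ah_len:
            raise ValueError("bad AH length")
        # AH authenticates only, so the inner payload stays readable.
        return {"service": "AH", "spi": spi, "seq": seq,
                "next_header": next_hdr, "icv": body[12:ah_len],
                "payload": body[ah_len:]}
    if service == "ESP":
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        # ESP: only SPI and sequence number are in the clear; the inner
        # protocol number sits in the encrypted trailer.
        spi, seq = struct.unpack("!II", body[:8])
        return {"service": "ESP", "spi": spi, "seq": seq,
                "opaque_len": len(body) - 8}
    return {"service": None}

def ipv4(proto: int, body: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0) plus body."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 2])) + body

# Constructed sample packets; SPIs, ICV and "ciphertext" are made-up bytes.
AH_PACKET = ipv4(51, struct.pack("!BBHII", 6, 4, 0, 0x1001, 7)
                 + b"\xaa" * 12 + b"tcp-segment")
ESP_PACKET = ipv4(50, struct.pack("!II", 0x2002, 8) + b"\x5c" * 16)

if __name__ == "__main__":
    for pkt in (AH_PACKET, ESP_PACKET):
        print(parse_ipsec_header(pkt))
```

In both headers the sequence number is the field a receiver uses for the replay protection mentioned above, and the SPI identifies which negotiated security association the packet belongs to.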